PRADO

June 17, 2018June 17, 2018

How to avoid landing page redirects

Your page has 1 redirects. Redirects introduce additional delays before the page can be loaded.

RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [L,NE,R=301]

If instead of example.com you want the default URL to be www.example.com, then simply change the third and the fifth lines:

RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://www.%1%{REQUEST_URI} [L,NE,R=301]

June 16, 2018June 16, 2018

DirectAdmin: Adding a DMARC record to help lower your spam score

What is DMARC?

DMARC, which stands for “Domain-based Message Authentication, Reporting & Conformance”, is an email authentication, policy, and reporting protocol. It builds on the widely deployed SPF and DKIM protocols, adding linkage to the author (“From:”) domain name, published policies for recipient handling of authentication failures, and reporting from receivers to senders, to improve and monitor protection of the domain from fraudulent email.

Who Can Use DMARC?

DMARC policies are published in the public Domain Name System (DNS), and available to everyone. Because the specification is available with no licensing or similar restriction, any interested party is free to implement it.

Continue reading “DirectAdmin: Adding a DMARC record to help lower your spam score”

June 16, 2018June 16, 2018

DirectAdmin 1.53.1 Release Candidate 1

Hello,

We’re pleased to announce the 1.53.1 release candidate for DirectAdmin:

Version: 1.53.1 RC1

All features and fixes are listed here:
https://www.directadmin.com/versions…rsion=1.531000

If you find any issues, please reply here with reports (rather than tickets or email, unless requested) to avoid duplicate reports.

The biggest new feature will be the LetsEncrypt wildcard certificates.
NOTE: To use it, you must enable dns_ttl=1 for per-record TTL settings, or else the LE Wildcard checkbox won’t show up.

If all goes well, the full/stable release is slated for June 26th.

To download this version, please grab the pre-release binaries:
https://help.directadmin.com/item.php?id=408

John

Source: Official DirectAdmin Announcements

June 13, 2018June 13, 2018

Failed to start Apply Kernel Variables

Hello

I’m running Debian 8 (Jessie).

Last week I updated the server and got an error:

● systemd-sysctl.service - Apply Kernel Variables
   Loaded: loaded (/lib/systemd/system/systemd-sysctl.service; static)
   Active: failed (Result: exit-code) since Thu 2018-06-07 17:47:02 EEST; 2min 1s ago
     Docs: man:systemd-sysctl.service(8)
           man:sysctl.d(5)
  Process: 1907 ExecStart=/lib/systemd/systemd-sysctl (code=exited, status=1/FAILURE)
 Main PID: 1907 (code=exited, status=1/FAILURE)

Jun 07 17:47:02 kvm1.prado.lt systemd[1]: systemd-sysctl.service: main process exited, code=exited, status=1/FAILURE
Jun 07 17:47:02 kvm1.prado.lt systemd[1]: Failed to start Apply Kernel Variables.
Jun 07 17:47:02 kvm1.prado.lt systemd[1]: Unit systemd-sysctl.service entered failed state.

then, I checked that the journald daemon has collected by using the journalctl command

journalctl -xn
-- Logs begin at Thu 2018-04-19 01:13:40 EEST, end at Thu 2018-06-07 17:52:19 EEST. --
Jun 07 17:52:12 kvm1.prado.lt systemd-sysctl[2467]: Failed to write '262144' to '/proc/sys/vm/max_map_count': Permission denied
Jun 07 17:52:12 kvm1.prado.lt systemd[1]: systemd-sysctl.service: main process exited, code=exited, status=1/FAILURE
Jun 07 17:52:12 kvm1.prado.lt systemd[1]: Failed to start Apply Kernel Variables.
-- Subject: Unit systemd-sysctl.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit systemd-sysctl.service has failed.
-- 
-- The result is failed.
Jun 07 17:52:12 kvm1.prado.lt systemd[1]: Unit systemd-sysctl.service entered failed state.
Jun 07 17:52:19 kvm1.prado.lt systemd[1]: Starting Apply Kernel Variables...
-- Subject: Unit systemd-sysctl.service has begun with start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit systemd-sysctl.service has begun starting up.
Jun 07 17:52:19 kvm1.prado.lt systemd[1]: Failed to reset devices.list on /system.slice/systemd-sysctl.service: No such file or directory
Jun 07 17:52:19 kvm1.prado.lt systemd-sysctl[2506]: Failed to write '262144' to '/proc/sys/vm/max_map_count': Permission denied
Jun 07 17:52:19 kvm1.prado.lt systemd[1]: systemd-sysctl.service: main process exited, code=exited, status=1/FAILURE
Jun 07 17:52:19 kvm1.prado.lt systemd[1]: Failed to start Apply Kernel Variables.
-- Subject: Unit systemd-sysctl.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit systemd-sysctl.service has failed.
-- 
-- The result is failed.
Jun 07 17:52:19 kvm1.prado.lt systemd[1]: Unit systemd-sysctl.service entered failed state.

To load all configuration files manually, execute

sysctl --system

Once the command has been successfully executed, I found where the problem is.

* Applying /etc/sysctl.d/99-sysctl.conf ...
* Applying /usr/lib/sysctl.d/elasticsearch.conf ...
sysctl: permission denied on key 'vm.max_map_count'
* Applying /etc/sysctl.conf ...

Now it’s time to open the file /usr/lib/sysctl.d/elasticsearch.conf where we will need to comment one line and problem should be solved.

We should change one line from

vm.max_map_count=262144

#vm.max_map_count=262144

Now we should to restart a service using the command

systemctl restart systemd-sysctl.service

And now we can make sure the service is up and running properly using the command

status systemd-sysctl.service
● systemd-sysctl.service - Apply Kernel Variables
   Loaded: loaded (/lib/systemd/system/systemd-sysctl.service; static)
   Active: active (exited) since Wed 2018-06-13 22:29:05 EEST; 5s ago
     Docs: man:systemd-sysctl.service(8)
           man:sysctl.d(5)
  Process: 31532 ExecStart=/lib/systemd/systemd-sysctl (code=exited, status=0/SUCCESS)
 Main PID: 31532 (code=exited, status=0/SUCCESS)

June 11, 2018

Enabling DNSSSEC on your DirectAdmin server

DNSSEC is a tool used to verify the validity of a dns lookup.
You can enable this feature in DirectAdmin 1.44.1 and newer by typing:

cd /usr/local/directadmin/scripts
./dnssec.sh install

After the command has been successfully executed. Please add the following to the ‘options { …. }’ section of your /etc/bind/named.conf.options:

dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
bindkeys-file "/etc/bind/named.iscdlv.key";

which should confirm if your named.conf is set, and will enable the dnssec=1 in the directadmin.conf automatically. If the script thinks you’re missing anything from your named.conf, it will tell you what to add.

To enable DNSSEC on a domain, go to:
Admin Level -> DNS Admin -> prado.lt

1. Click “Generate Keys”
2. then click “Sign”

3. You should now see values at the bottom of the zone. Copy the 2 DS records, and paste them into your domain registrar’s website.

If you have any subdomains created as full domains, you’ll need to follow extra steps to continue the chain of trust up the line into the main domain’s zone. For normal subdomains created under a domain, no extra action is required, as they’re part of the domain’s normal zone.

June 11, 2018June 11, 2018

Fix “dig: command not found” in Debian OS

Sometimes I find that some Debian OS installations don’t have the dig command available:

dig +short kvm1.prado.lt
-bash: dig: command not found

The solution is to install the dnsutils package. For example:

apt-get install dnsutils

June 3, 2018

CentOS 7: Check if a system is vulnerable to a CVE

CVE stands for Common Vulnerabilities and Exposure. It’s a dictionary of publicly known information security vulnerabilities and exposures.

CVE’s common identifiers enable data exchange between security products and provide a baseline index point for evaluating coverage of tools and services.

Continue reading “CentOS 7: Check if a system is vulnerable to a CVE”

May 30, 2018May 30, 2018

Configure Fail2Ban for permanent and persistent bans

If you’re running server, you probably know its exposed services are constantly being probed and attacks are being attempted against it. Fortunately, an extremely useful, nice and nifty tool is here to help: Fail2Ban.

Fail2Ban scans service’s log files for patterns defined as regular expressions and, if an offending pattern is found a certain number of times within a given time frame, the corresponding source IP is banned for a configurable time, using local firewall rules such as iptables.

Continue reading “Configure Fail2Ban for permanent and persistent bans”

May 28, 2018

Security & bug fix releases PHP 7.1.18, 7.2.6

Security & bug fix releases

http://php.net/ChangeLog-7.php#7.1.18

http://php.net/ChangeLog-7.php#7.2.6

The PHP development team announces the immediate availability of PHP 7.2.6. This is a primarily a bugfix release which includes a memory corruption fix for EXIF.

PHP 7.2 users are encouraged to upgrade to this version.

The PHP development team announces the immediate availability of PHP 7.1.18. All PHP 7.1 users are encouraged to upgrade to this version.

May 24, 2018May 24, 2018

How to install Apache, PHP 7.2 and MySQL on CentOS 7.5 (LAMP)

This tutorial shows how to install an Apache web server on CentOS 7 server with PHP (mod_php) and MySQL database. The acronym LAMP is short for Linux, Apache, MySQL, PHP.

This tutorial shows the installation of the latest PHP version 7.2 on CentOS 7.5 Continue reading “How to install Apache, PHP 7.2 and MySQL on CentOS 7.5 (LAMP)”